How to use the xml-crypto.SignedXml function in xml-crypto
To help you get started, we’ve selected a few xml-crypto examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
AzureAD / passport-azure-ad / lib / saml.js View on Github 
SAML.prototype.validateSignature = function validSignature(xml, cert) {
const doc = new xmldom.DOMParser().parseFromString(xml);
const xpathExpression = '//*[local-name(.)="Signature" and namespace-uri(.)="http: //www.w3.org/2000/09/xmldsig#"]';
const signature = xmlCrypto.xpath(doc, xpathExpression)[0];
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
getKeyInfo: () => {
return '';
},
getKey: () => {
// should I use the key in keyInfo or in cert?
return pem.certToPEM(cert);
},
};
sig.loadSignature(signature.toString());
return sig.checkSignature(xml);
};function signXML(xml, signatureLocation, signedXPath, credentials, options) {
options = options || {};
// create and configure xml-crypto SignedXml instance
const signatureAlgorithm = resolveSignatureAlgorithm(options.signatureAlgorithm);
const signer = new SignedXml(null, {
signatureAlgorithm: signatureAlgorithm
});
signer.keyInfoProvider = new CertKeyInfo(credentials.certificate);
signer.signingKey = pemFormatting.addPEMHeaders("RSA PRIVATE KEY", credentials.privateKey);
signer.addReference(signedXPath, [
"http://www.w3.org/2000/09/xmldsig#enveloped-signature",
"http://www.w3.org/2001/10/xml-exc-c14n#"
]);
// compute signature and return signed XML document string
signer.computeSignature(xml, {
prefix: options.prefix || "ds",
location: signatureLocation || ""
});if (!options.cert)
throw new Error('Expect a public key cert in pem format');
options.signatureAlgorithm = options.signatureAlgorithm || 'rsa-sha256';
options.digestAlgorithm = options.digestAlgorithm || 'sha256';
options.includeAttributeNameFormat = (typeof options.includeAttributeNameFormat !== 'undefined') ? options.includeAttributeNameFormat : true;
options.typedAttributes = (typeof options.typedAttributes !== 'undefined') ? options.typedAttributes : true;
// 0.10.1 added prefix, but we want to name it signatureNamespacePrefix - This is just to keep supporting prefix
options.signatureNamespacePrefix = options.signatureNamespacePrefix || options.prefix;
options.signatureNamespacePrefix = typeof options.signatureNamespacePrefix === 'string' ? options.signatureNamespacePrefix : '' ;
var cert = utils.pemToCert(options.cert);
var sig = new SignedXml(null, { signatureAlgorithm: algorithms.signature[options.signatureAlgorithm], idAttribute: 'ID' });
sig.addReference("//*[local-name(.)='Assertion']",
["http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"],
algorithms.digest[options.digestAlgorithm]);
sig.signingKey = options.key;
sig.keyInfoProvider = {
getKeyInfo: function (key, prefix) {
prefix = prefix ? prefix + ':' : prefix;
return "<" + prefix + "X509Data><" + prefix + "X509Certificate>" + cert + "";
}
};
var doc;
try {
doc = new Parser().parseFromString(saml20.toString());SAML.prototype.validateSignature = function(xml, cert) {
const self = this;
const doc = new xmldom.DOMParser().parseFromString(xml);
const signature = xmlCrypto.xpath(doc, '//*[local-name(.)=\'Signature\' and namespace-uri(.)=\'http://www.w3.org/2000/09/xmldsig#\']')[0];
const sig = new xmlCrypto.SignedXml();
sig.keyInfoProvider = {
getKeyInfo(/* key*/) {
return '';
},
getKey(/* keyInfo*/) {
return self.certToPEM(cert);
},
};
sig.loadSignature(signature);
return sig.checkSignature(xml);
};verifySignature: function verifySignature(xml, signature, opts) {
var options = opts || {};
var refXPath = options.referenceXPath;
var signatureAlgorithm = options.signatureAlgorithm || signatureAlgorithms.RSA_SHA1; // SS1.1
var sig = new SignedXml();
sig.signatureAlgorithm = signatureAlgorithm; // SS1.1
// Add assertion sections as reference
if(options.keyFile) {
sig.keyInfoProvider = new FileKeyInfo(options.keyFile);
} else if(options.cert) {
sig.keyInfoProvider = new this.getKeyInfo(options.cert.getX509Certificate(certUsage.SIGNING));
} else {
throw new Error('Undefined certificate or keyfile in \'opts\' object');
}
sig.loadSignature(signature.toString());
var res = sig.checkSignature(xml);
if (!res) {
throw new Error(sig.validationErrors);
} else {
return true;
}exports.verifySignature = function(assertion, cert) {
try {
var doc = new xmldom.DOMParser().parseFromString(assertion);
var signature = xmlCrypto.xpath(doc, "/*/*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];
var sig = new xmlCrypto.SignedXml(null, { idAttribute: 'AssertionID' });
sig.keyInfoProvider = {
getKeyInfo: function (key) {
return "";
},
getKey: function (keyInfo) {
return cert;
}
};
sig.loadSignature(signature.toString());
var result = sig.checkSignature(assertion);
if (!result) {
console.log(sig.validationErrors);
}
return result;function WSSecurityCertTBK(privatePEM, publicP12PEM, password, encoding, debug) {
if (!ursa) {
throw new Error('Module ursa must be installed to use WSSecurityCertTBK');
}
this.debug = debug;
this.privateKey = ursa.createPrivateKey(privatePEM, password, encoding);
this.publicP12PEM = publicP12PEM.toString().replace('-----BEGIN CERTIFICATE-----', '').replace('-----END CERTIFICATE-----', '').replace(/(\r\n|\n|\r)/gm, '');
this.signer = new SignedXml();
this.signer.signingKey = this.privateKey.toPrivatePem();
this.x509Id = "x509-" + generateId();
var _this = this;
pem.readCertificateInfo(publicP12PEM,
function(pemError, pemData){
if( pemError ){
console.error("PEM read error, cannot retrieve cert data : "+pemError);
}
_this.certSerial = "";
if(!Number.isNaN(parseInt(pemData.serial.split(" ")[0])) && pemData.serial.indexOf(":") < 0){
_this.certSerial = pemData.serial.split(" ")[0];
}else{
var tokens = pemData.serial.split(":");
for( var i = 0; i < tokens.length; ++i ){function validateXMLSignature(xml, signatureNode, credential) {
const sigCheck = new SignedXml();
sigCheck.keyInfoProvider = new CertKeyInfo(credential.certificate);
sigCheck.loadSignature(signatureNode);
const isValid = sigCheck.checkSignature(xml);
if (isValid) {
return 0;
}
else {
return sigCheck.validationErrors;
}
}constructor(privatePEM: any, publicP12PEM: any, password: any, options: IWSSecurityCertOptions = {}) {
this.publicP12PEM = publicP12PEM.toString()
.replace('-----BEGIN CERTIFICATE-----', '')
.replace('-----END CERTIFICATE-----', '')
.replace(/(\r\n|\n|\r)/gm, '');
this.signer = new SignedXml();
if (options.signatureAlgorithm === 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256') {
this.signer.signatureAlgorithm = options.signatureAlgorithm;
this.signer.addReference(
'//*[name(.)="soap:Body"]',
[ 'http://www.w3.org/2001/10/xml-exc-c14n#' ],
'http://www.w3.org/2001/04/xmlenc#sha256',
);
}
if (options.additionalReferences && options.additionalReferences.length > 0) {
this.additionalReferences = options.additionalReferences;
}
if (options.signerOptions) {
const { signerOptions } = options;
this.signerOptions = signerOptions;public static signXml(xml: string, tag: string, certificado: any) {
let sig = new SignedXml();
sig.addReference("//*[local-name(.)='"+tag+"']","","","","","", true);
sig.signingKey = certificado.pem;
sig.computeSignature(xml);
return sig.getSignedXml();
}xml-crypto
Xml digital signature and encryption library for Node.js
